Title :
Constructing a Cloud-Based IDS by Merging VMI with FMA
Author :
Harrison, Cyrus ; Cook, Donald ; McGraw, Robert ; Hamilton, John A.
Abstract :
Cloud computing has emerged in recent years as a major segment of the IT industry; however, security concerns remain the primary impediment to full-scale adoption. Leveraging properties of virtualization, virtual machine introspection (VMI) has yielded promising research for cloud security, yet adoption of these approaches in production environments remains minimal due to a semantic gap: the extraction of high-level knowledge of the guest operating system's state from low-level artifacts collected out-of-VM. Within the field of forensic memory analysis (FMA), a similar semantic gap exists in the reconstruction of physical memory dumps. We implement a production-oriented prototype utilizing designs that combine and narrow these semantic gaps in a modular framework to function as an intrusion detection system (IDS) detecting and defeating post-exploitation activity.
Keywords :
cloud computing; computer forensics; invasive software; knowledge acquisition; virtual machines; virtualisation; FMA; IT industry; VMI; cloud computing-based IDS construction; cloud security; forensic memory analysis; high-level knowledge extraction; intrusion detection system; leveraging properties; low-level artifacts; modular framework; operating system state; physical memory dump reconstruction; postexploitation activity; production environments; production oriented prototype; semantic gap; virtual machine introspection; virtualization; Databases; Malware; Monitoring; Prototypes; Virtual machining; cloud; malware; secure monitoring; virtual machines
Conference_Title :
Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on
Conference_Location :
Liverpool
Print_ISBN :
978-1-4673-2172-3
DOI :
10.1109/TrustCom.2012.113